Charles-Edouard Ruault wrote:
Hi All,
i've compiled and installed kdebluetooth on my Fedora ppc distro, i'm
trying to get the stuff working and i'm getting the following problems
related to SELinux:
When i want to browse a device which is not yet paired with the laptop
i'm getting errors, because hcid is denied a few filesystem operations:
audit(1146044994.917:786): avc: denied { create } for pid=1836
comm="hcid" name="bluetooth" scontext=system_u:system_r:bluetooth_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
I've then straced hcid and found out that it's trying to create a
directory /var/lib/bluetooth and that this operation is being denied (
thus the above log ).
I've manually created the directory:
mkdir -p /var/lib/bluetooth/
and then
chcon system_u:object_r:bluetooth_var_lib_t bluetooth
and now everything's fine.
So i guess two things could be done in order to fix this :
1) allow hcid to create a dir in /var/lib ( i.e add this to the policy
: allow bluetooth_t var_lib_t:dir create; )
2) during installation of the bluetooth packages, create the
/var/lib/bluetooth directory and tag it properly.
Ok i spoke too quickly, after trying to pair with my phone i got the
following avc message:
audit(1146046683.267:792): avc: denied { execute_no_trans } for
pid=3742 comm="sh" name="kbluepin" dev=hda10 ino=1740403
scontext=user_u:system_r:bluetooth_t:s0
tcontext=system_u:object_r:lib_t:s0 tclass=file
So we should also add the following to the policy:
allow bluetooth_t lib_t:file execute_no_trans;
--
Charles-Edouard Ruault
GPG key Id E4D2B80C
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
